{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,25]],"date-time":"2026-03-25T21:50:31Z","timestamp":1774475431038,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":21,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,11,7]],"date-time":"2022-11-07T00:00:00Z","timestamp":1667779200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100010661","name":"Horizon 2020 Framework Programme","doi-asserted-by":"publisher","award":["965315"],"award-info":[{"award-number":["965315"]}],"id":[{"id":"10.13039\/100010661","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,11,11]]},"DOI":"10.1145\/3560830.3563721","type":"proceedings-article","created":{"date-parts":[[2022,11,2]],"date-time":"2022-11-02T22:32:41Z","timestamp":1667428361000},"page":"13-24","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":5,"title":["Repeated Knowledge Distillation with Confidence Masking to Mitigate Membership Inference Attacks"],"prefix":"10.1145","author":[{"given":"Federico","family":"Mazzone","sequence":"first","affiliation":[{"name":"University of Twente, Enschede, Netherlands"}]},{"given":"Leander","family":"van den Heuvel","sequence":"additional","affiliation":[{"name":"University of Twente, Enschede, Netherlands"}]},{"given":"Maximilian","family":"Huber","sequence":"additional","affiliation":[{"name":"University of Twente, Enschede, Netherlands"}]},{"given":"Cristian","family":"Verdecchia","sequence":"additional","affiliation":[{"name":"University of Twente, Enschede, Netherlands"}]},{"given":"Maarten","family":"Everts","sequence":"additional","affiliation":[{"name":"University of Twente, Enschede, Netherlands"}]},{"given":"Florian","family":"Hahn","sequence":"additional","affiliation":[{"name":"University of Twente, Enschede, Netherlands"}]},{"given":"Andreas","family":"Peter","sequence":"additional","affiliation":[{"name":"University of Oldenburg, Oldenburg, Germany"}]}],"member":"320","published-online":{"date-parts":[[2022,11,7]]},"reference":[{"key":"e_1_3_2_2_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978318"},{"key":"e_1_3_2_2_2_1","volume-title":"International Conference on Machine Learning. PMLR","author":"Choquette-Choo Christopher A","year":"2021","unstructured":"Christopher A Choquette-Choo , Florian Tramer , Nicholas Carlini , and Nicolas Papernot . 2021 . Label-only membership inference attacks . In International Conference on Machine Learning. PMLR , 1964--1974. Christopher A Choquette-Choo, Florian Tramer, Nicholas Carlini, and Nicolas Papernot. 2021. Label-only membership inference attacks. In International Conference on Machine Learning. PMLR, 1964--1974."},{"key":"e_1_3_2_2_3_1","volume-title":"A downsampled variant of imagenet as an alternative to the cifar datasets. arXiv preprint arXiv:1707.08819","author":"Chrabaszcz Patryk","year":"2017","unstructured":"Patryk Chrabaszcz , Ilya Loshchilov , and Frank Hutter . 2017. A downsampled variant of imagenet as an alternative to the cifar datasets. arXiv preprint arXiv:1707.08819 ( 2017 ). Patryk Chrabaszcz, Ilya Loshchilov, and Frank Hutter. 2017. A downsampled variant of imagenet as an alternative to the cifar datasets. arXiv preprint arXiv:1707.08819 (2017)."},{"key":"e_1_3_2_2_4_1","volume-title":"EMNIST: Extending MNIST to handwritten letters. In 2017 international joint conference on neural networks (IJCNN)","author":"Cohen Gregory","year":"2017","unstructured":"Gregory Cohen , Saeed Afshar , Jonathan Tapson , and Andre Van Schaik . 2017 . EMNIST: Extending MNIST to handwritten letters. In 2017 international joint conference on neural networks (IJCNN) . IEEE , 2921--2926. Gregory Cohen, Saeed Afshar, Jonathan Tapson, and Andre Van Schaik. 2017. EMNIST: Extending MNIST to handwritten letters. In 2017 international joint conference on neural networks (IJCNN). IEEE, 2921--2926."},{"key":"e_1_3_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.2478\/popets-2019-0008"},{"key":"e_1_3_2_2_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.90"},{"key":"e_1_3_2_2_7_1","unstructured":"Geoffrey Hinton Oriol Vinyals Jeff Dean etal 2015. Distilling the knowledge in a neural network. arXiv preprint arXiv:1503.02531 Vol. 2 7 (2015).  Geoffrey Hinton Oriol Vinyals Jeff Dean et al. 2015. Distilling the knowledge in a neural network. arXiv preprint arXiv:1503.02531 Vol. 2 7 (2015)."},{"key":"e_1_3_2_2_8_1","volume-title":"Membership inference attacks on machine learning: A survey. ACM Computing Surveys (CSUR)","author":"Hu Hongsheng","year":"2021","unstructured":"Hongsheng Hu , Zoran Salcic , Lichao Sun , Gillian Dobbie , Philip S Yu , and Xuyun Zhang . 2021. Membership inference attacks on machine learning: A survey. ACM Computing Surveys (CSUR) ( 2021 ). Hongsheng Hu, Zoran Salcic, Lichao Sun, Gillian Dobbie, Philip S Yu, and Xuyun Zhang. 2021. Membership inference attacks on machine learning: A survey. ACM Computing Surveys (CSUR) (2021)."},{"key":"e_1_3_2_2_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363201"},{"key":"e_1_3_2_2_10_1","volume-title":"Imagenet classification with deep convolutional neural networks. Advances in neural information processing systems","author":"Krizhevsky Alex","year":"2012","unstructured":"Alex Krizhevsky , Ilya Sutskever , and Geoffrey E Hinton . 2012. Imagenet classification with deep convolutional neural networks. Advances in neural information processing systems , Vol. 25 ( 2012 ). Alex Krizhevsky, Ilya Sutskever, and Geoffrey E Hinton. 2012. Imagenet classification with deep convolutional neural networks. Advances in neural information processing systems , Vol. 25 (2012)."},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484575"},{"key":"e_1_3_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243855"},{"key":"#cr-split#-e_1_3_2_2_13_1.1","doi-asserted-by":"crossref","unstructured":"Milad Nasr Reza Shokri and Amir Houmansadr. 2019. Comprehensive Privacy Analysis of Deep Learning: Passive and Active White-box Inference Attacks against Centralized and Federated Learning. https:\/\/doi.org\/10.1109\/SP.2019.00065 https:\/\/github.com\/privacytrustlab\/ml_privacy_meter accessed 20-January-2022. 10.1109\/SP.2019.00065","DOI":"10.1109\/SP.2019.00065"},{"key":"#cr-split#-e_1_3_2_2_13_1.2","doi-asserted-by":"crossref","unstructured":"Milad Nasr Reza Shokri and Amir Houmansadr. 2019. Comprehensive Privacy Analysis of Deep Learning: Passive and Active White-box Inference Attacks against Centralized and Federated Learning. https:\/\/doi.org\/10.1109\/SP.2019.00065 https:\/\/github.com\/privacytrustlab\/ml_privacy_meter accessed 20-January-2022.","DOI":"10.1109\/SP.2019.00065"},{"key":"e_1_3_2_2_14_1","volume-title":"Semi-supervised knowledge transfer for deep learning from private training data. arXiv preprint arXiv:1610.05755","author":"Papernot Nicolas","year":"2016","unstructured":"Nicolas Papernot , Mart'in Abadi , Ulfar Erlingsson , Ian Goodfellow , and Kunal Talwar . 2016. Semi-supervised knowledge transfer for deep learning from private training data. arXiv preprint arXiv:1610.05755 ( 2016 ). Nicolas Papernot, Mart'in Abadi, Ulfar Erlingsson, Ian Goodfellow, and Kunal Talwar. 2016. Semi-supervised knowledge transfer for deep learning from private training data. arXiv preprint arXiv:1610.05755 (2016)."},{"key":"e_1_3_2_2_15_1","first-page":"61","article-title":"Membership Inference Attack against Differentially Private Deep Learning","volume":"11","author":"Rahman Md Atiqur","year":"2018","unstructured":"Md Atiqur Rahman , Tanzila Rahman , Robert Lagani\u00e8re , Noman Mohammed , and Yang Wang . 2018 . Membership Inference Attack against Differentially Private Deep Learning Model. Trans. Data Priv. , Vol. 11 , 1 (2018), 61 -- 79 . Md Atiqur Rahman, Tanzila Rahman, Robert Lagani\u00e8re, Noman Mohammed, and Yang Wang. 2018. Membership Inference Attack against Differentially Private Deep Learning Model. Trans. Data Priv. , Vol. 11, 1 (2018), 61--79.","journal-title":"Model. Trans. Data Priv."},{"key":"e_1_3_2_2_16_1","volume-title":"Membership privacy for machine learning models through knowledge transfer. arXiv preprint arXiv:1906.06589","author":"Shejwalkar Virat","year":"2019","unstructured":"Virat Shejwalkar and Amir Houmansadr . 2019. Membership privacy for machine learning models through knowledge transfer. arXiv preprint arXiv:1906.06589 ( 2019 ). Virat Shejwalkar and Amir Houmansadr. 2019. Membership privacy for machine learning models through knowledge transfer. arXiv preprint arXiv:1906.06589 (2019)."},{"key":"e_1_3_2_2_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.41"},{"key":"e_1_3_2_2_18_1","volume-title":"Fashion-mnist: a novel image dataset for benchmarking machine learning algorithms. arXiv preprint arXiv:1708.07747","author":"Xiao Han","year":"2017","unstructured":"Han Xiao , Kashif Rasul , and Roland Vollgraf . 2017. Fashion-mnist: a novel image dataset for benchmarking machine learning algorithms. arXiv preprint arXiv:1708.07747 ( 2017 ). Han Xiao, Kashif Rasul, and Roland Vollgraf. 2017. Fashion-mnist: a novel image dataset for benchmarking machine learning algorithms. arXiv preprint arXiv:1708.07747 (2017)."},{"key":"e_1_3_2_2_19_1","volume-title":"Privacy risk in machine learning: Analyzing the connection to overfitting. In 2018 IEEE 31st computer security foundations symposium (CSF)","author":"Yeom Samuel","unstructured":"Samuel Yeom , Irene Giacomelli , Matt Fredrikson , and Somesh Jha . 2018. Privacy risk in machine learning: Analyzing the connection to overfitting. In 2018 IEEE 31st computer security foundations symposium (CSF) . IEEE , 268--282. Samuel Yeom, Irene Giacomelli, Matt Fredrikson, and Somesh Jha. 2018. Privacy risk in machine learning: Analyzing the connection to overfitting. In 2018 IEEE 31st computer security foundations symposium (CSF). IEEE, 268--282."},{"key":"e_1_3_2_2_20_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.neucom.2021.04.082"}],"event":{"name":"CCS '22: 2022 ACM SIGSAC Conference on Computer and Communications Security","location":"Los Angeles CA USA","acronym":"CCS '22","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 15th ACM Workshop on Artificial Intelligence and Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3560830.3563721","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3560830.3563721","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T19:00:34Z","timestamp":1750186834000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3560830.3563721"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,11,7]]},"references-count":21,"alternative-id":["10.1145\/3560830.3563721","10.1145\/3560830"],"URL":"https:\/\/doi.org\/10.1145\/3560830.3563721","relation":{},"subject":[],"published":{"date-parts":[[2022,11,7]]},"assertion":[{"value":"2022-11-07","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}